Snickets

Posted 26 July 2005 - 12:10 PM


Hello redab37,

Welcome to Geeks To Go. My name is Snickets and I will be helping you today!

Please follow the instructions below carefully and you may wish to print them out for easy access while going through these steps.

Step 1 - ADAWARE

1. Download and install Adaware (Personal Edition). (Click on "Adaware" in the left-hand column near the top at their website to download the free edition.)
2. Go to Start > Programs > Lavasoft and click on AdAware SE Personal Edition 1.06 to open the program
3. Look at the icons on the top right of the page and click on the ‘world’ and let AdAware update the spyware reference list
4. Once the update is finished click on the ‘Gear’ icon (second from the left) to access the preferences/settings window

1. In the ‘General’ window make sure the following are selected:
   · Automatically save log-file
   · Automatically quarantine objects prior to removal
   · Safe Mode (always request confirmation)
2. Click on the ‘Scanning’ button on the left and select:
   · Scan Within Archives
   · Scan Active Processes
   · Scan Registry
   · Deep Scan Registry
   · Scan my IE favorites for banned URL’s
   · Scan my Hosts file
   · Under ‘Click here to select drives + folders’, choose:
     · All of your hard drives
3. Click on the ‘Advanced’ button on the left and select:
   · Include additional process information
   · Include additional file information
   · Include environment information
   · Include additional object details
4. Click the ‘Tweak’ button and select:
   · Under the ‘Scanning Engine’:
     · Unload recognized processes during scanning
     · Include basic Ad-aware settings in logfile
     · Include additional Ad-aware settings in logfile
   · Under the ‘Cleaning Engine’:
     · Let Windows remove files in use at next reboot
5. Click on ‘Proceed’ to save the settings.
6. Click ‘Start’ and on the next screen choose ‘Activate in-depth Scan’ at the bottom of the page and then choose:
   · Use Custom Scanning Options
7. Click ‘Next’ and AdAware will scan your hard drive(s) with the options you have selected.
8. Save the log file when it asks and then click ‘finish’
9. REBOOT the computer and log back into normal mode.

Step 2 - SPYBOT SEARCH & DESTROY

Since you already have spybot installed you will just need to configure it the following way to ensure it is being run correctly.

1. Go to Start > Programs > Spybot - Search & Destroy and choose ‘Spybot S&D - easy mode’
2. Close ALL windows except Spybot S&D
3. Click the button to ‘Search for Updates’ and download and install the Updates.
4. Next click the button ‘Check for Problems’
5. When Spybot is complete, it will be showing ‘RED’ entries ‘BLACK’ entries and ‘GREEN’ entries in the window
6. Put a check mark beside the RED entries ONLY.
7. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
8. REBOOT the computer and log back in to normal mode.

Then open up CCleaner and configure it the following way.

Once open, disable your protection programs that could prevent registry changes, run CCleaner, click the Windows tab

Select the following:

Internet Explorer:
· Temp Internet
· History
· Recently Typed URLs
· Delete Index.dat files

System:
· Empty Recycle Bin
· Temporary Files
· Memory Dumps
· Chkdsk File Fragments
· Old Prefetch Data

Next: click Options, click the Settings tab

Uncheck: "Only delete files older than 48 hrs.", click Ok

Do not run it yet; you will need to do this later.

Step 4 - HIJACKTHIS

The problem with having HJT in a temp is that it will be deleted when the temps are cleaned.

Please follow these steps below to create a new folder for your hijack this program by doing the following.

To create a folder:

Click My Computer, then C:\

In the menu bar, File->New->Folder.

That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".

Now you have C:\HJT\ folder.

Rightclick HijackThis.exe, choose Cut.

Doubleclick (to open) the folder you created.

Rightclick inside and choose Paste. Double-click on the .exe to scan.

To post a HijackThis log..

Select "Scan and Save Log".

After the scan save the log somewhere.

Do Ctrl-A to Select all, and then copy and paste it back into this post and we will go from there.

Launch ewido, there should be an icon on your desktop, double-click it.

The program will now open to the main screen.

When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update.

Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")

Exit ewido. DO NOT scan yet.

If you are having problems with the updater, you can use this link to manually update ewido: ewido manual updates

Please download this file: Nailfix Utility

Save it to your desktop.

DO NOT run it yet.

To reboot into SafeMode with Windows XP, you can follow these steps from Microsoft:

Next, please reboot your computer in SafeMode by doing the following:

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

Instead of Windows loading as normal, a menu should appear

Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click on nailfix.exe. Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish". Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Now open ewido and do a scan of your system.

Click on scanner

Click on Complete System Scan and the scan will begin.

NOTE: During some scans with ewido it is finding cases of false positives.**

You will need to step through the process of cleaning files one-by-one.

If ewido detects a file you KNOW to be legitimate, select none as the action.

DO NOT select "Perform action on all infections"

If you are unsure of any entry found select none for now as the action.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

Click Save report.

Save the report .txt file to your desktop or a location where you can find it easily.

**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

Close all open windows except for HJT, then click the Fix Checked button. Close HJT.

NOTE: The 04 entry may have changed names if you have rebooted since posting the log; look for an entry with a similar format, that will always end in a single letter r.

Go to Start>Search and at the top select Tools>Folder Options

Select the View tab
· Display the contents of system folders
· Show hidden files and folders
· Uncheck: Hide protected operating system files

Click on Apply.

Next go to the side of the Search box and select All files and folders. Go down to More advanced options.

Be sure the first three boxes are selected:
· Search System folders
· Search Hidden Files and folders
· Search SubFolders

Please remove these entries from Add/Remove Programs in the Control Panel (if present):
· BookedSpace
· Ares Lite
· Cas

Please note any other programs that you don't recognize in that list in your next response.

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

**********************************************************************************
Files Found are not all bad files:
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 1233-C14A

Snickets

Posted 03 August 2005 - 07:22 AM


Hello redab37,

Let's run this fix and then see where we are with the rest of the issues.

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log, and we'll clean up what's left.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

redab37

Posted 05 August 2005 - 06:11 PM


Snickets-

My computer was not working so well, and then I realized that I had free computer service included in my tuition through the campus tech store, and so I took it. It's all fixed. Thank you so much for all your help!

How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

Spywareblaster <= SpywareBlaster will prevent spyware from being installed.

IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.

MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.

Google Toolbar <= Get the free Google toolbar to help stop pop up windows.

Other necessary Programs:

AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.